midPoint_container/demo/grouper/docker-compose.yml
# Demo stack: Grouper (daemon, UI, WS) with MySQL and LDAP, midPoint with
# PostgreSQL, a Shibboleth IdP and RabbitMQ, all attached to the bridge network "net".
# NOTE(review): several credentials below are literal sample values and the
# database/LDAP/management ports are published to the host; treat this file as
# lab-only unless those points are changed.
version: "3.3"
services:
  # Grouper daemon (loader / background jobs).
  grouper_daemon:
    build: ./grouper_daemon/
    # depends_on only orders container start; it does not wait for readiness,
    # so the command polls MySQL and LDAP with curl before running startup.sh.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; /usr/local/bin/startup.sh"
    depends_on:
      - grouper_data
      - directory
    environment:
      # Bare names (ENV, USERTOKEN) are passed through from the environment of
      # the shell that runs compose.
      - ENV
      - USERTOKEN
      # NOTE(review): a *_FILE variable whose value is the literal "password",
      # unlike the /run/secrets paths below; confirm against the image whether
      # this is meant to be a path.
      - GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
      # NOTE(review): hard-coded sample credential in the container
      # environment, readable via `docker inspect`; a file-based secret like
      # the entries above would keep it out of the environment.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
    networks:
      net:
        aliases:
          - grouper-daemon
    # This probe targets the database container (grouper_data:3306), not the
    # daemon process itself.
    healthcheck:
      test: curl -s grouper_data:3306
      interval: 30s
      timeout: 30s
      retries: 3
    # Secrets are mounted as files under /run/secrets/; "target" sets the file
    # name used there.
    secrets:
      - g_database_password.txt
      - rabbitmq_password.txt
      - source: grouper.hibernate.properties
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
      - source: subject.properties
        target: grouper_subject.properties
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
  # Grouper web UI, published on host port 4443.
  grouper_ui:
    build: ./grouper_ui/
    # Same readiness polling as grouper_daemon, then `exec ui`.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - USERTOKEN
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # NOTE(review): hard-coded sample LDAP credential in the environment.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
    networks:
      net:
        aliases:
          - grouper-ui
    # No host IP is given, so Docker publishes this on all host interfaces by default.
    ports:
      - 4443:443
    secrets:
      - g_database_password.txt
      - source: grouper.hibernate.properties
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
      - source: subject.properties
        target: grouper_subject.properties
      # Key material is delivered as secrets; the matching certificates are
      # bind-mounted below.
      - source: g_sp-key.pem
        target: shib_sp-key.pem
      - source: g_host-key.pem
        target: host-key.pem
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem
        target: /etc/shibboleth/sp-cert.pem
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/idp-metadata.xml
        target: /etc/shibboleth/idp-metadata.xml
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      # The same host-cert.pem is mounted again as the CA chain.
      # NOTE(review): presumably a self-signed demo certificate; confirm.
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
  # Grouper web services, published on host port 9443.
  grouper_ws:
    build: ./grouper_ws/
    # Same readiness polling as the other Grouper services, then `exec ws`.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # NOTE(review): hard-coded sample LDAP credential in the environment.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN
    networks:
      net:
        aliases:
          - grouper-ws
    ports:
      - 9443:443
    secrets:
      - g_database_password.txt
      - source: grouper.hibernate.properties
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
      - source: subject.properties
        target: grouper_subject.properties
      - source: g_sp-key.pem
        target: shib_sp-key.pem
      - source: g_host-key.pem
        target: host-key.pem
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      # Server certificate reused as the CA chain, as in grouper_ui.
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
  # MySQL database for Grouper.
  grouper_data:
    build: ./grouper_data/
    networks:
      net:
        aliases:
          - grouper-data
    # NOTE(review): the Grouper services reach this database over "net" by
    # name, so the host mapping is only needed for access from outside the
    # stack. With no host IP it is published on all interfaces; prefixing
    # 127.0.0.1: (or dropping the mapping) limits exposure.
    ports:
      - 3306:3306
    healthcheck:
      test: curl -s grouper_data:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - grouper_data:/var/lib/mysql
  # LDAP directory used by Grouper and listed as a dependency of the IdP.
  directory:
    build: ./directory/
    # NOTE(review): port 389 is published to the host on all interfaces, and
    # the Grouper services above connect with ldap:// (no TLS in the URL).
    ports:
      - 389:389
    networks:
      - net
    volumes:
      - ldap:/var/lib/dirsrv
  # Second MySQL instance, published on host port 13306.
  sources:
    build: ./sources/
    # NOTE(review): database port published to the host on all interfaces.
    ports:
      - 13306:3306
    networks:
      - net
    volumes:
      - source_mysql:/var/lib/mysql
      - source_data:/var/lib/mysqlmounted
    environment:
      - CREATE_NEW_DATABASE=if_needed
  # One-shot init container for midPoint: prepares the shared volumes db_init
  # and mp_pw, then runs `midpoint.sh init-native`.
  data_init:
    image: i2incommon/midpoint:${tag:-4.4.1}
    # Steps: make /opt/mp-pw world-writable, create the db_init_in_progress
    # lock, write 000-start.sh / 999-finish.sh into /opt/db-init (mounted into
    # postgres as /docker-entrypoint-initdb.d/ by midpoint_data), then run init-native.
    # NOTE(review): `chmod 777` leaves the directory that holds dbpassword and
    # keystorepw writable by any user in every container mounting mp_pw;
    # presumably done so UID 70 (postgres) and the midPoint user can share it.
    # A common group or matching UIDs would be tighter; confirm what the
    # images need.
    command: >
      bash -c "
      chmod 777 /opt/mp-pw/ ;
      touch /opt/mp-pw/db_init_in_progress ;
      echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
      echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
      /opt/midpoint/bin/midpoint.sh init-native
      "
    environment:
      # Paths on the shared volumes; presumably where init-native writes the
      # generated SQL and passwords (confirm against midpoint.sh).
      - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
      - MP_DB_PW=/opt/mp-pw/dbpassword
      - MP_PW_DEF=/opt/mp-pw/keystorepw
    volumes:
      - db_init:/opt/db-init
      - mp_pw:/opt/mp-pw
  # PostgreSQL repository for midPoint.
  midpoint_data:
    image: postgres:13-alpine
    # Steps: remove a stale postmaster.pid, wait until dbpassword is non-empty
    # and /opt/mp-pw/init_in_progress is absent, start a background check that
    # clears the db_ini* lock files after 2 s if DB init never started, then
    # hand over to the stock postgres entrypoint.
    # NOTE(review): the wait loop tests init_in_progress, while data_init
    # creates db_init_in_progress; nothing in this file creates
    # init_in_progress. Confirm whether init-native does.
    command: >
      bash -c "
      rm -f /var/lib/postgresql/data/postmaster.pid ;
      while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
      echo 'Waiting to the end of the init process...';
      sleep 1;
      done ;
      {
      sleep 2 ;
      if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
      then echo 'DB init did not start...' ;
      rm -f /opt/mp-pw/db_ini*;
      echo 'The lock files has been removed...';
      fi ;
      } &
      docker-entrypoint.sh postgres
      "
    # Runs as UID/GID 70 rather than root.
    user: "70:70"
    depends_on:
      - data_init
    environment:
      # Password is read from the file on the shared mp_pw volume.
      - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
      - POSTGRES_USER=midpoint
      - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
    # NOTE(review): midpoint_server connects over "net"
    # (jdbc:postgresql://midpoint_data:5432), so this host mapping is only for
    # outside access and is published on all interfaces by default.
    ports:
      - 5432:5432
    networks:
      - net
    volumes:
      - midpoint_data:/var/lib/postgresql/data
      - db_init:/docker-entrypoint-initdb.d/
      - mp_pw:/opt/mp-pw
  # midPoint server, published on host port 8443.
  midpoint_server:
    build:
      context: ./midpoint_server/
      args:
        tag: ${tag:-4.4.1}
    depends_on:
      - data_init
      - midpoint_data
    ports:
      - 8443:443
    environment:
      - ENV
      - USERTOKEN
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
      # Database and keystore passwords come from files on the mp_pw volume.
      - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
      - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
      - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
      # AJP connector on 9090. The port is not listed under "ports", so it is
      # not published to the host, but other containers on "net" can reach it.
      # NOTE(review): the AJP secret is a hard-coded sample value; replace it
      # with a generated one (ideally supplied from a file) before any
      # non-demo use.
      - MP_SET_server_tomcat_ajp_enabled=true
      - MP_SET_server_tomcat_ajp_port=9090
      - MP_SET_server_tomcat_ajp_secret=s3cr3t
      - MP_SET_logging_path=/tmp/logtomcat
      - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
      - MP_NO_ENV_COMPAT=1
      # Passed through from the invoking environment when set.
      - MP_MEM_MAX
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
      - TIMEZONE
    networks:
      net:
        aliases:
          - midpoint-server
    secrets:
      - mp_host-key.pem
      - mp_shibboleth_sp_keys.jks
    volumes:
      - midpoint_home:/opt/midpoint/var
      - type: bind
        source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
        target: /etc/shibboleth/idp-metadata.xml
      - type: bind
        source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      # Server certificate reused as the CA chain.
      - type: bind
        source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - mp_pw:/opt/mp-pw
  # Shibboleth IdP, published on host port 443.
  idp:
    build: ./idp/
    depends_on:
      - directory
    environment:
      - JETTY_MAX_HEAP=64m
      # NOTE(review): both keystore passwords are the literal "password" and
      # sit in the container environment; sample values for the demo only.
      - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
      - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
    networks:
      - net
    ports:
      - 443:443
  # RabbitMQ broker.
  mq:
    build: ./mq/
    environment:
      - RABBITMQ_NODENAME=docker-rabbit
    hostname: rabbitmq
    networks:
      - net
    # 15672 is RabbitMQ's default management-plugin port.
    # NOTE(review): published on all host interfaces; confirm the mq image
    # does not leave default management credentials enabled.
    ports:
      - 15672:15672
    volumes:
      - mq:/var/lib/rabbitmq
# Single user-defined bridge network shared by all services; containers on it
# resolve each other by service name and by the aliases declared per service.
networks:
  net:
    driver: bridge
# File-backed secrets: each entry is read from the host path given and mounted
# into the services that list it.
# NOTE(review): these paths hold key files, a Java keystore, password files and
# properties files. Presumably they ship with the demo repository; if so, treat
# them as public and regenerate every one before reusing this layout outside a
# lab. Confirm.
secrets:
  # grouper
  g_host-key.pem:
    file: ./configs-and-secrets/grouper/httpd/host-key.pem
  g_sp-key.pem:
    file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem
  g_database_password.txt:
    file: ./configs-and-secrets/grouper/application/database_password.txt
  rabbitmq_password.txt:
    file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt
  grouper.hibernate.properties:
    file: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
  grouper-loader.properties:
    file: ./configs-and-secrets/grouper/application/grouper-loader.properties
  subject.properties:
    file: ./configs-and-secrets/grouper/application/subject.properties
  # midPoint
  mp_host-key.pem:
    file: ./configs-and-secrets/midpoint/httpd/host-key.pem
  mp_shibboleth_sp_keys.jks:
    file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
# Named volumes with default driver settings. mp_pw carries the midPoint
# database and keystore password files between data_init, midpoint_data and
# midpoint_server, so removing it discards those credentials.
volumes:
  grouper_data:
  source_data:
  source_mysql:
  # NOTE(review): target_data is declared here but not mounted by any service
  # in this file.
  target_data:
  ldap:
  db_init:
  mp_pw:
  midpoint_data:
  midpoint_home:
  mq: